jpguillebaud

Connecting a server to two separate internet lines

We have two internet lines, one of which we are planning to use for sending our server backups to an externally hosted server.  The server has two NICs, so would it work if we connect both NICs to our internal network and assign each one a separate default gateway?  I assume we would update the routing table to send the IP requests down the appropriate NIC depending on the destination IP address. Is this the right way to configure this?
John Gobert
What operating system are you using?  Will the second connection be used only for your backup data transfers?  It's never a good idea to try to apply multiple default gateways to a single box...

Can you post back with a quick write-up of your network layout so we can get a better understanding of your situation?

There will be a way to do what you're trying to do but without knowing some details on your layout it'll be hard to give you good suggestions that actually apply to your situation.
I'm not sure if you're saying you want the backups to go over 1 or 2 paths.  And not sure if you're talking about using a VPN to the backup server.  I'm not a huge network guy, but I understand some and I have some thoughts.

Your machine can only use 1 default gateway at a time.  The whole purpose of a DG is that when a route is not known, it uses that 1 path (not paths).  You can set a DG on each but only one NIC will have the priority.  As an example, you can see this in Windows 7's Network Connections window by going up to the menu and clicking Advanced, Advanced Settings.

It sounds like you want: 1 LAN, 2 WAN exit points.  You would configure your routers with 2 routes to the destination backup network (1 via each different WAN).  That way, if 1 link fails, it can always try the other one.  With both of your PC's NICs on the same LAN, it won't matter which NIC ends up being used because the router will end up sending the traffic to the preferred WAN anyway.
jpguillebaud

ASKER

Herewith a diagram showing our network.  As indicated I am connecting one server to two routers at the same time and want to control which internet line to send the requests down. To answer your other question, we are using Windows Server 2012.

[User generated image]

The easy answer would be to have the two network cards on two different subnets.  Your primary connection would have a default gateway setup like you normally have on a single-homed machine.  For the second NIC you'd need to create a static route using netsh so that the traffic in question would always route out the proper adapter.

Have a look at the following link for details on setting up the route within Windows:  Adding a static route using netsh and route commands
Is it possible to have the NICs on the same subnet instead of separate ones?  The reason for this is because we want to be able to switch the default gateway of our own PCs to use the backup line whenever the main line goes down.
Technically yes but you're not going to accomplish what you want.

Can you tell me why you want to split the two lines?  Why not use teaming to bond the two NIC ports?  You can still direct the traffic for your backups over the second router while keeping everything else routing over your main router.  This would actually be the most stable and effective way to make it happen.

What's the available bandwidth on those two internet connections?  Unless it is a Gigabit fiber connection then it really doesn't help you by isolating traffic on the server side to an individual NIC port.  You're much better off teaming the NICs on the server and just routing your traffic over the two internet connections per your rules.  ...and if you do have teaming set up and you configure things right you'll have the auto-failover function you mentioned earlier so that traffic can route over the secondary connection as needed.

Does this make sense to you?
We plan to split the lines so that whenever backups are being sent to the cloud through the new internet line, the other NIC on that server can continue to function at its full bandwidth, and internet connections from the staff computers shouldn't be slowed down by the backups since those connections will continue to use the original internet line.  

What do people normally do in a situation like this?  We did originally try and configure NIC teaming but it proved too troublesome and so we would prefer not to use that as an option.
Normally you'd have a firewall/router in place that can support multiple WAN (internet) connections.  In your case, you'd set up the firewall policies and routing rules in that device so that normal internet traffic goes over one connection and any traffic for your backup process would route over the secondary connection.

From what I understand you have in place right now you don't have a single device that both WAN connections are hosted through inside your network.  In that case, you'd need to create the routing rules on your server using netsh.

To be honest it will be easier and better overall if you guys would invest in a firewall router to do this for you... you can pick up a decent unit for < $500 (maybe less).

Do you have any budget dollars available that you can use for this?
jpgobert, what you describe doesn't sound like what we are after. You are talking about having one single network connection which sends signals to the appropriate router by means of the routing rules, however we would like to use two separate NIC connections on the server so that the full bandwidth of each NIC is available for each connection, i.e. 1Gbps for backups and 1Gbps for internet traffic, instead of sharing 1Gbps across the two connections. Is this possible?
It is... you'll just have to add a static route to the server... tell me this, will the two internal IP addresses of the routers for the internet connections be on the same subnet?

Let me know and I'll reply with a sample route command.
Yes, we are planning to assign the IP addresses of the routers on the same subnet so we can easily switch over from one to the other on the staff computers if one of the two internet lines goes down.  

I have just read that the way to do this is to leave the "default gateway" blank for both  TCP/IP configurations and use NETSTAT to create the necessary routes - we would create a route which sends packets destined for the IP address of the backup server to send them down the new internet line and route all other destinations down the other line.
PS - I mean "NETSH" not netstat of course!
ASKER CERTIFIED SOLUTION
John Gobert
This solution is only available to members.
Thanks jpgobert, that is exactly what I was thinking of doing!
One thing to be aware of... you need to find the interface numbers for the NIC ports so you can run the route command.

The easiest way to find it is by running:  route print

The first section of the output of that command will be your list of network adapters and the IF numbers are listed there.

Good luck!
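
The static-route approach discussed in this thread, as an added example that is not part of the original posts or of the members-only solution: it looks up the interface number of the backup NIC, adds a persistent host route for the backup server through the second router, and prints the result. The adapter name and all three IP addresses are placeholder assumptions; the cmdlets are the NetTCPIP ones shipped with Windows Server 2012.

```powershell
# Added example. Every value in this block is a placeholder (assumption),
# not taken from the thread: substitute your own addresses and adapter name.
$BackupServer   = '203.0.113.10'    # external backup host (documentation range)
$BackupGateway  = '192.168.1.254'   # LAN address of the router on the new line
$BackupNicAlias = 'Ethernet 2'      # NIC that should carry the backup traffic

# Interface index: the same number listed in the first section of `route print`.
$nic = Get-NetAdapter -Name $BackupNicAlias -ErrorAction Stop
if ($nic.Status -ne 'Up') {
    throw "Adapter '$BackupNicAlias' is not up; refusing to add a route on it."
}
$ifIndex = $nic.ifIndex

# The NIC needs an IPv4 address, otherwise the next hop cannot be reached.
$nicAddress = Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 `
    -ErrorAction Stop | Select-Object -First 1

# A /32 prefix limits the route to the backup server only, so no other
# destination is sent down the second internet line.
$prefix = "$BackupServer/32"

# Look for a route that already sends this host to the same gateway and NIC.
$existing = Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceIndex -eq $ifIndex -and $_.NextHop -eq $BackupGateway }

if (-not $existing) {
    # With no -PolicyStore given, New-NetRoute writes to both the active and
    # the persistent store, so the route survives a reboot.
    New-NetRoute -DestinationPrefix $prefix `
                 -InterfaceIndex $ifIndex `
                 -NextHop $BackupGateway `
                 -RouteMetric 1 | Out-Null
}

# Show the host route next to any default route for comparison. The more
# specific /32 entry wins for traffic to the backup server.
"Backup NIC '$BackupNicAlias' (IF $ifIndex) has address $($nicAddress.IPAddress)"
Get-NetRoute -DestinationPrefix $prefix, '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object DestinationPrefix, RouteMetric |
    Format-Table InterfaceIndex, InterfaceAlias, DestinationPrefix, NextHop, RouteMetric
```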